In October, we saw a strong uptick in the number and severity of data breaches across a number of industry segments – Healthcare seems to be especially hard hit. While Vormetric has earned quite a lot of positive coverage for our recent Insider Threat survey, it pales in comparison to the continued negative news surrounding data breaches of all shapes and sizes. Below are a few of the more recent data breaches that we’ve seen in the news.
CorporateCarOnline, whose website states in bold letters “TRUST US: YOUR DATA IS SECURE”, suffered a data breach in which 850,000 names, addresses and credit card numbers were lost. To add insult to injury, 250,000 of the stolen credit cards were no-limit or high-limit American Express credit cards. CorporateCarOnline kept a high-profile clientele – their clients included Donald Trump, Tom Hanks and Aaron Rodgers.
It was reported that Adobe’s data breach, which was originally thought to affect only 3 million users, affected a startlingly high 38 million. The attackers gained access to users’ customer IDs, names, encrypted passwords, encrypted debit and credit card numbers and other personal data through a flaw identified in compromised Adobe source code. As Robert Bigman, former CISO of the CIA, pointed out in his blog post, “source code is the digital recipe that describes how these products are made.” Because of this breach, not only was customer information exposed, but so was Adobe’s “secret sauce”.
Big Data Security
MongoHQ suffered a data breach due to a lapse in the security controls around the company’s internal support application. CRN reports: “an employee was using a shared password to use the internal support application with a compromised personal account.” Using the shared password thus exposed, the hackers were able to access customer information from inside the support database.
MongoHQ is a cautionary tale for Big Data companies. MongoHQ not only stores its customers’ data, but it stores their customers’ data as well. By placing huge amounts of data collected from various sources into giant repositories, Big Data companies become attractive targets for outside attackers. Without appropriate security safeguards, Big Data = Big Risk.
Minneapolis-based Allina Health notified 3,800 patients that a certified medical assistant had inappropriately accessed their personal health information. The medical assistant was also able to access patients’ names, addresses, phone numbers, health insurance information, and the last four digits of their Social Security numbers.
Atlanta-based children’s hospital Children’s Healthcare of Atlanta suffered a data breach when a corporate audit advisor emailed the hospital’s protected information to her own personal email account. This included the patient health information of children, internal and external audit data, financial information, confidential and attorney-client privileged communications and other patient personal health information.
At CaroMont Health, in North Carolina, a staff member sent an improperly secured email, which exposed the confidential information of 1,210 individuals. Exposed information included names, birthdates, addresses, medical record numbers, medications, insurance names and Medicare numbers.